tags 307720 + fixed-upstream thanks I agree with Paul, I think the severity is minor, too. The buffer overflow allows to write two characters beyond the limit: one in [0-9A-F] and a '\0'. It is very hard (if possible at all) to do anything with this.
Reported issues are now fixed upstream, and a patch is available here: http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_sql/rlm_sql.c.diff?r1=1.131.2.1&r2=1.131.2.3 This is very disappointing Mr Bratanic didn't followed normal procedures to contact the project. (you should alert the developpers before posting to BugTraq) -- Nicolas Baradakis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]